Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0030

CWE-611 — XML External Entity (XXE)22 documents5 sources

Severity

9.8CRITICAL

EPSS

29.1%

top 3.42%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Roller

Timeline

PublishedOct 10

Latest updateMay 14

Description

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDapache/roller6 versions+5

🔴Vulnerability Details

GHSA

GHSA-2p7r-hc45-r2qc: The XML-RPC protocol support in Apache Roller before 5↗2022-05-14

▶

CVEList

CVE-2014-0030: The XML-RPC protocol support in Apache Roller before 5↗2017-10-09

▶

💥Exploits & PoCs

Exploit-DB

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)↗2018-09-06

▶

💬Community

Bugzilla

CVE-2013-5904 Oracle JDK: unspecified vulnerability fixed in 7u51 (Deployment)↗2014-01-15

▶

Bugzilla

CVE-2014-0418 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)↗2014-01-15

▶

Bugzilla

CVE-2013-5906 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)↗2014-01-15

▶

Bugzilla

CVE-2013-5889 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)↗2014-01-15

▶

Bugzilla

CVE-2014-0415 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)↗2014-01-15

▶